Passwordless Authentication
Next Identity provides end users with the following options for Passwordless Authentication:
OTP via SMS or Email
The Passwordless authentication option allows applications to use a PIN that is sent via SMS or Email, instead of the end user having a permanent password set in the system.
This option begins with the end user submitting their email or mobile phone number and sent a PIN. Once the PIN is entered and verified they are authenticated. This method does not have two-step verification.
The PIN is valid for a limited time and end users are only allowed to resend themselves a PIN every 60 seconds.
WebAuthn (Device Authentication)
Using FIDO2 and Web Authentication (WebAuthn), the user's device can also be used for authentication. During login, the user will be prompted to register their device to use for authentication. If they choose and accept to use their device for authentication, the browser will then authenticate their device via a built-in process, specific to that browser. Options for authentication like biometrics authentication (fingerprint, facial recognition, and iris scan), or PIN are dependent on the device's capability.
Additional information
WebAuthn is currently supported in Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari web browsers, as well as Windows 10 and Android platforms. For more information on FIDO, please visit the Official FIDO Alliance website.
Warning
Not all devices with authentication options like biometric authentication, or PIN are FIDO2 compliant. To check if a specific device or manufacturer is FIDO2 Certified, please visit https://fidoalliance.org/certification/fido-certified-products/.
If the device authentication feature is registered, the next time the consumer comes to the application's login screen they will have that authentication feature as an option.
If the consumer wishes to disable (or enable) the feature, they can toggle the capability on or off from the profile page. Note that the toggle will reflect the current device only. If you have registered a device and have moved to another one, the toggle will show as disabled.
Auto Login
When passwordless authentication is enabled, an option can be set to log in the user automatically, without the need to press the passwordless authentication button (fingerprint icon).
If the auto login setting is disabled, the user can opt in for passwordless authentication, and then the user can log in using the current passwordless authentication process.
If the auto login is enabled, auto login is performed. If the auto login process is unsuccessful, an error message will be displayed.
If the user didn't opt in, or the user opted out of passwordless authentication, the user can only use the username-password sign-in process.
Updated about 1 year ago